Workshop on Research for Insider Threat (WRIT) 2014

WRIT 2014: May 18, 2014
Fairmont San Jose Hotel | San Jose, CA, USA



Registration has opened for the SPW14 workshops! Participants can register for both the Symposium on Security and Privacy (SP) and the Security and Privacy Workshops (SPW) at the same site. SPW registration is for a workshop "day pass," to allow attendance at any of the workshops on a specific day (Saturday or Sunday). Of course, you may purchase passes for both days. During registration, you will identify the workshop you are most likely to attend; this allows the organizers to make arrangements based on number of expected attendees for each workshop.


The Security & Privacy Workshops will be held at the Fairmont Hotel in San Jose, which has now provided a registration code for attendees to use to get discounted rates. To take advantage of the discounted rate, make your hotel reservation by April 23, 2014. Information about the hotel will be available on the SPW website shortly.

Travel Grants

NSF and the IEEE Computer Society's Technical Committee on Security and Privacy, our sponsoring organization, are funding travel grants for students that will allow us to cover both domestic travel and international travel.



The threat of damage caused by authorized users, or insiders, is one of the most challenging security issues facing most organizations today. Insiders often attack using authorized access and with actions very similar to non-malicious behavior. Modern insiders are further enabled by immense data storage capabilities, advanced searching algorithms, and the difficulty of building, deploying, and managing comprehensive insider threat monitoring systems. Furthermore, insider attacks can also include those unintentionally enabled by users who fall victim to external attacks such as phishing or drive-by downloads.

Cybersecurity professionals face significant challenges in preventing, detecting, and responding to insider attacks, and often turn to insider threat researchers for answers. Unfortunately, insider threat researchers also face serious barriers to conducting scientifically and operationally valid work, such as access to real-world data and ground-truth about malicious insider activity. Therefore, it is imperative that cybersecurity researchers and professionals work together to find solutions that protect organizations from insider threats. Technical approaches to this problem are emerging, but studies show little significant progress has been made in reducing the actual numbers or impacts of insider attacks. There are two main reasons for the relative lack of success in identifying insider threats:

  • The problem is not well understood. In addition to the complex challenges surrounding collection, correlation, and detection of technical indicators, researchers must also understand underlying human motivations and behaviors. This is not a traditional area of study for IT security researchers; configuring technical solutions to monitor for human deception is challenging.
  • Data on insider attacks is difficult to obtain:
    • Ground truth data: Organizations suffering insider attacks are often reluctant to share data about those attacks publicly. Studies show over 70% of attacks are not reported externally, including many of the most common, low-level attacks. This leads to uncertainty that available data accurately represents the true nature of the problem.
    • Baseline data: The rate of insider attacks is relatively unknown; furthermore, the behaviors of non-malicious users are also not available in large data sets.

WRIT will highlight the challenges and trends specific to the insider threat problem from multiple viewpoints, such as information technology, behavioral sciences, or criminology. Furthermore, the workshop will review emerging approaches and explore experimental possibilities for measuring the efficacy of proposed solutions. The workshop will be accessible to non-experts interested in learning about the insider threat problem as well as experts interested in learning about new research and approaches. WRIT 2014 will feature a keynote address, a panel session, and sessions that describe the problem and detection. See the full program for details.



Topics of interest include, but are not limited to:

  • New insider threat indicator development
  • Data collection, aggregation, and correlation for threat indicators
  • Anomaly analysis for insider threat detection
  • Machine-learning approaches to insider detection
  • Data collection of baseline user data and behaviors
  • Insider threat case studies
  • Unique aspects of the insider threat problem
  • Novel techniques and new technologies for preventing, detecting, and responding to insider attacks
  • Predictive analytics for identifying potential indicators of insider threat
  • Linguistic approaches to identifying potential behavior of concern
  • Insider attacker behavioral models and analysis
  • Adversarial and game theoretic models of insider threats and attacks
  • Evaluation, experimentation and risk assessment of insider threat detection approaches
  • Cloud computing and insider threats
  • Computer forensics considerations for dealing with insider threats
  • Mobile devices and insider threats
  • Social networking and insider threats
  • Identifying unknown insider attack patterns
  • Socio-technical approaches to protecting against insider threat attacks
  • Biometric approaches for identifying potential insider threat behavior
  • Application of solutions from other domains to address insider threats


All submissions must be original work; the submitter must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Contact the program committee chairs if there are questions about this policy.

Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing their identity in the text. When referring to your previous work, do so in the third person, as though it were written by someone else. Only blind the reference itself in the (unusual) case that a third-person reference is infeasible. Contact the program chairs if you have any questions. Papers that are not properly anonymized may be rejected without review.

Papers must not exceed 15 pages total (including the references and appendices). Papers must be formatted for U.S. letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.25" high and 3.5" wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates. Failure to adhere to the page limit and formatting requirements will be grounds for rejection.

Papers accepted by the workshop will be published in the Conference Proceedings, published by IEEE Computer Society Press. The Workshop uses EasyChair for all submissions:





Important Dates

Last day to book discounted hotel rooms:
April 23, 2014

Last day to cancel event registration:
April 24, 2014 (cancellation fees may apply)

Paper submission due:
February 3, 2014
February 10, 2014

Acceptance notification: March 14, 2014

Camera ready version due: March 28, 2014

Workshop: May 18, 2014


IEEE Systems Journal Special Issue

Selected papers will be invited to submit extended versions to a special issue of the IEEE Systems Journal titled "Insider Threats to Information Security, Digital Espionage and Counter-Intelligence." Dr. Ilsun You is coordinating this effort as the 2014 WRIT Special Issue Chair. Please see the Call for Papers for more information.

Program Chairs

Bill Claycomb, Carnegie Mellon University
Sadie Creese, Oxford University


Special Issue Chair

Ilsun You, Korean Bible University


Program Committee

  • Matt Bishop, University of California at Davis
  • Deanna D. Caputo, The MITRE Corporation
  • Anni Coden, IBM
  • Zheng Dong, Indiana University
  • Bill Fitzgerald, University of Cambridge
  • David Foster, The MITRE Corporation
  • Carrie Gates, Dell
  • Dieter Gollmann, Technische Universität Hamburg-Harburg
  • Frank Greitzer, PsyberAnalytix, LLC
  • Gerald Hendrickson, Sandia National Laboratories
  • David Jensen, University of Massachusetts at Amherst
  • James Joshi, University of Pittsburgh
  • Sam Liles, Purdue University
  • Phil Legg, Oxford University
  • Debin Liu, PayPal
  • Roy Maxion, Carnegie Mellon University
  • Andrew Moore, Software Engineering Institute
  • Joshua Neil, Los Alamos National Laboratories
  • Jason Nurse, Oxford University
  • Joel Predd, RAND Corporation
  • Christian Probst, Technical University of Denmark
  • Daniel Quist, Bechtel, Inc.
  • David Robinson, Sandia National Laboratories
  • Marc Rogers, Purdue University
  • Malek Ben Salem, Accenture
  • Ted Senator, SAIC
  • Dongwan Shin, New Mexico Tech
  • Craig Shue, Worcester Polytechnic Institute
  • Sean Smith, Dartmouth College
  • David Stein, Raytheon
  • Hassan Takabi, University of North Texas
  • Paul Taylor, Lancaster University
  • Kurt Wallnau, Software Engineering Institute
  • Rhys Williams, Ministry of Defence
  • Ilsun You, Korean Bible University




Sponsors: IBM, NSF, Cisco, UIC, ERNW

Site hosting by the SEI